Lawmakers are considering a Florida Biometric Information Privacy Act similar to the controversial Illinois law that has led to many both high-profile and arguably frivolous lawsuits. The proposed Florida legislation comes as the use of biometrics for identification and authentication is increasing rapidly across many sectors of society.

The proposed law presumably would have notable impact in a state with multiple theme parks that attract millions of tourists and locals each year

In Florida, two state lawmakers — Sen. Gary Farmer and Rep. Bobby DuBose, both Democrats — have proposed a law called the Florida Biometric Information Privacy Act that would, according to one analysis, “establish requirements and restrictions on private entities as to the use, collection, and maintenance of biometric identifiers and biometric information.” The proposed law calls for penalties of up to $5,000 for each violation.

The regulation presumably would have notable impact in a state with multiple theme parks that attract millions of tourists and locals each year. Disney already uses fingerprint biometrics in Florida in an attempt to cut down on people sharing tickets.

Florida Biometric Information Privacy Act similar to other states

If the proposed Florida law sounds familiar, that’s no surprise. It’s pretty similar to a law in Illinois that has been serving as the vehicle through which plaintiffs and defendants are starting to set case law precedent when it comes to biometric use by private companies. The Illinois Biometric Information Privacy Act, or BIPA, has similar restrictions and also sets financial penalties for what those who file suit claiming misuse of their biometric information by private companies. Early BIPA cases have included fingerprint time and attendance systems, online photo services and facial recognition applications.

In one of the most recent and noteworthy cases involving that Illinois law, a judge in late 2018 dismissed the case alleging Google had violated that state law by collecting and storing facial biometrics without user consent. Under debate was Google’s use of facial recognition software that scanned images stored in Google Photos in an attempt to identify subjects — thus automating the organization of images. Among the questions addressed in that case was whether a company can be held accountable if plaintiffs incurred no real damages. In the Google case and others, judges determined that answer is no, though the BIPA regulation does not preclude it and other rulings have gone the other direction.

That case is one of about 200 total cases filed under BIPA against private organizations.

Biometric law impacts in Florida

Back in Florida, the proposed law, which is “strikingly similar” to the Illinois law, according to a legal analysis, would require “private entities in possession of biometric identifiers or biometric information to develop a publicly available written policy establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information.” Were that law to pass, the analysis says, “as we saw in Illinois, this legislation could result in class action lawsuits against private entities for any technical violation. If Florida courts follow Illinois’ precedent, Floridians do not need to have suffered actual damages in order to recover for violations of the Act.”

At the time of writing, prospects for passage of the Florida Biometric Information Privacy Act were unclear.